Nope, that uses logon type 10 on both W2K3 Srv and XP Pro. -t On 12/20/05, jason justman <[log in to unmask]> wrote: > > what about: > > *mstsc /v:servername /console > > j > * > Troy Murray wrote: > > > I was wrong, Remote Desktop on XP uses Type 10, while in 2000 it > > would use Type 2. The only other mention I found producing this error > > was logging in through a KVM IP switch. I don't suppose that > > workstation has had one of those installed. > > > > http://www.windowsecurity.com/articles/Logon-Types.html > > > > -t > > > > On 12/20/05, * David K McFarlane* <[log in to unmask] > > <mailto:[log in to unmask]>> wrote: > > > > Steve, > > > > > Sounds like you might possibly have a rootkit of some sort on > > the workstation. In that case the following sites have great > > resources for detecting many of the more well known rootkits: > > > > > > http://www.systernals.com (RootkitRevealer, ProcExp, TCPView) > > > > Thanks. I tried RootkitRevealer, it found nothing. I have not > > tried the > > other tools yet. > > > > But back to the question: Could a rootkit allow an attacker to > > log in over > > the network and yet have it show up as a console logon in the > > security log? > > This is really a question about the Windows security log and what > > it means. > > > > -- David McFarlane > > Systems Designer > > Michigan State University, Dept. of Psychology > > [log in to unmask] <mailto:[log in to unmask]> > > > > > > > > > > -- > > Troy D Murray > > Blog: http://troymurray.blogspot.com/ > > -- Troy D Murray Blog: http://troymurray.blogspot.com/